EE515/IS523: Security 101: Think Like an Adversary


  • Required: Papers!
  • Optional
    • Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone (Editor), CRC Press, ISBN 0849385237, (October 16, 1996) Available on-line at
    • Security Engineering by Ross Anderson, Available on-line.

Class Homepage:

Read this document very carefully, as it defines what is required to perform effectively in this class.

Every scientific research starts from finding new problems. Likewise, the most important step in security research is to discover new attacks. Today, media is filled with attacks on various systems: Web servers, DNS, Internet banking, e-voting systems, cellular networks, social networks, mobile phones, nuclear power plants, and implantable medical devices. These attacks are originated from various vulnerabilities, such as user interface design, ignorance or security by obscurity, deployment mistakes, and physical exposure. The main objective of this course is to learn how to think like an adversary. In other words, we will look at various ingenuous attacks and discuss why and how such attacks were possible. This is first crucial step to design and deploy systems robust against various attacks.

Instructor: Yongdae Kim
      Office: Room 201 N26 (CHiPs Building), 291 Daehangno, Yuseong-gu, Daejeon, 305-701, Republic of Korea
      Lecture: Mon/Wed 10:30 AM - 12:00 PM, Room 113 N1 (IT Convergence Building)
      Office hours: TBD (Also possible by sending me an e-mail)

Course content : Security Fundamentals, Frequent Failures from user interface/data mining/software engineering, Case studies of various attacks on Peer-to-peer system, Social Networks, Cellular Networks, Botnets, Cloud Computing, Internet Control Plane, Medical devices, Automobiles, Crypto implementation, Hardware, etc.

Evaluation: The following rules will be strictly enforced.

Evaluation will consist of one lecture, reading report, and a research project. 

Lecture: 20 %
Reading report: 45 % (2.5 % x 18)
Project: 35 %

Incompletes will in general not be given. These options will be considered only when a provably serious family or personal emergency arises, proof is presented, and the student has already completed all but a small portion of the work.

Scholastic conduct must be acceptable. Specifically,
you must write your own reading reports.